def test_exception_bad_expansion(self):
    """Check that expand_action("s3:zzz*") raises UnknownActionException.

    The test fails if the call returns normally; any other exception type
    propagates to the test runner unchanged.
    """
    try:
        expand_action("s3:zzz*")
    except UnknownActionException:
        # Expected outcome: the bad pattern was rejected.
        return
    # Reaching this line means the pattern was accepted without an error.
    assert False
def get_privilege_info(service, action):
    """
    Return the documented definition of one action of one service.

    Given a service prefix, like "s3", and an action name, like "ListBucket",
    find the matching privilege entry in ``iam_definition`` and return it with
    two service-level keys attached: "service_resources" and
    "service_conditions".

    Both lookups are exact string comparisons; no case folding is done here,
    so the caller must pass the names spelled as they appear in
    ``iam_definition``.

    The returned dict is the entry stored in ``iam_definition`` itself, and the
    two extra keys are written onto it in place.

    Raises:
        UnknownActionException: no privilege entry matches service and action.
    """
    for service_entry in iam_definition:
        if service_entry["prefix"] != service:
            continue
        for candidate in service_entry["privileges"]:
            if candidate["privilege"] != action:
                continue
            # Carry the service-wide resource and condition definitions along
            # with the privilege so the caller gets them in one lookup.
            candidate["service_resources"] = service_entry["resources"]
            candidate["service_conditions"] = service_entry["conditions"]
            return candidate
    # No entry matched in any service with this prefix.
    raise UnknownActionException("Unknown action {}:{}".format(service, action))
location={"string": self.stmt},
)
return False
# Expand the actions from s3:Get* to s3:GetObject and others
expanded_actions = []
for action in actions:
# Handle special case where all actions are allowed
if action == "*" or action == "*:*":
# TODO Should ensure the resource is "*" with this action
continue
try:
# Given an action such as "s3:List*", return all the possible values it could have
expanded_actions.extend(expand_action(action))
except UnknownActionException as e:
self.add_finding(
"UNKNOWN_ACTION", detail=str(e), location={"unknown_action": action, "statement": self.stmt}
)
return False
except UnknownPrefixException as e:
self.add_finding(
"UNKNOWN_PREFIX", detail=str(e), location={"statement": self.stmt}
)
return False
except Exception as e:
self.add_finding(
"EXCEPTION", detail=str(e), location={"statement": self.stmt}
)
return False
# Check the resources are correct formatted correctly